Professional Documents
Culture Documents
ISO/IEC 20000:
Similarities and Differences &
Process Mapping
WHITE PAPER
It describes similarities and differences between ITIL 2011 and ISO/IEC 20000, briefly describing mapped
processes.
This document is focused on similarities rather than differences between the two, from the aspect of
experience in ITSM implementation in various service organizations.
ISO/IEC 20000 adopts a PDCA (Plan, Do, Check, Act) Deming lifecycle, similar to other ISO norms. This can
also be observed parallel to a 7-Step CSI improvement process in ITIL CSI. Processes are organized into
groups: Service Delivery, Relationship, Resolution and Control.
Best practice guidelines, which provide IT 256 mandatory requirements against which an
professionals with best practices organization can be assessed for effective IT
Service Management processes
26 processes 12 processes
For individuals. Complex certification path. For IT Service Organizations. Helps preserve
Empowers individual professionals with ITSM knowledge about ITSM processes as an
skills and knowledge. organization’s intellectual property.
Implement any number of processes as needed, ALL 12 processes HAVE to be implemented and
adapts to IT Service org. business needs. audited against the 256 requirements.
Markets which are accustomed to require ITIL Markets which are accustomed to require
certificates in tenders. ISO/IEC 20000 certificates in tenders.
Further into the text, you'll find an explanation of the relationship between ITIL and ISO 20000, for each
group of processes:
6.2 Service Reporting was a distinct process in a CSI book of previous ITIL V3 edition; but, in the new 2011
edition, it was decided that reporting activities are too important for most of the processes in all lifecycle
stages and shouldn’t be dealt with as a single process. So, bits and pieces of Service Reporting can be
found in all processes, like in SLM, and as a METHOD in ITIL CSI book, not a process.
In ISO20000 Service Reporting it has only five requirements, but they are rather demanding, and they all
make sense.
IT Service Continuity Management and Availability Management in ITIL are combined in ISO20k as 6.3
Service Continuity and Availability Management, which makes sense when you implement a strict
auditable process. It is internally divided into three chapters: requirements, plans and monitoring &
testing. Altogether, there are 18 strict requirements.
ITIL Capacity Management is an important process in Service Design. In ISO20k it is described in 6.5 by six
requirements, the one concerning Capacity Plan being the most demanding. ITIL elaborates in detail about
resource, service and business capacity management.
6.4 Budgeting and Accounting for IT Services is parallel to ITIL’s Service Strategy’s Financial Management
process, where, besides Budgeting and Accounting, a Charging procedure is described.
6.6 Information Security Management is one of the most elaborate ISO20k processes. Companies which
have ISO/IEC 27001 Information Security Management System adopted would benefit significantly from
it here. They can simply refer to it for most of the requirements. Careful here, the scope of 20k and 27001
should be at least similar. Business organizations not having an ISMS should put forth much more effort
than the size of ITIL Service Design chapter indicates.
Another key process in ITIL is Problem Management. As opposed to Incident Management, PM is a simple
process performed by expensive people. Problem Management in ITIL was rather straightforward, yet
contradictory. What is reactive PM, how is proactive PM done, how is the Problem being identified? These
Functions
ITIL V2 had a single Service Desk function (It was called HelpDesk in V1) for ages, and now there are 3
more functions in V3: Operations, Application and Technical management. ISO20k is process oriented; no
functions are defined in it. If a service organization wishes to implement these functions, it has to refer to
ITIL.
9.2 Change Management: Twenty-four requirements in ISO 20k should indicate the importance of this
process. In a young SM company, diagnostics for most of the incidents starts with “What did you change?”
This is a killer key process in ITIL and it is usually recognized right after the implementation of Incident
Management. A rule of thumb: 80% of incidents are there because of bad Change Management.
Release and Deployment Management. In both former editions, ITIL and ISO20k, it was called Release
Management. To describe it better, “deployment” was appended to a process name. Now we have a
better image of what it is: Physically performing changes after the change process is done. That’s called
deployment. Service Organization has to manage the people, resources and services impacted. One
Change can be done in multiple Releases, and one Release can come from multiple Changes. In practice,
most of the ISO20k auditors will approve combining change and release management process.
To learn more about similarities and differences see this article: ITIL and ISO 20000: A Comparison.
Useful resources
These online materials will help you with ITIL® and ISO 20000 implementation:
Here you can download a free preview of the ITIL® & ISO 20000 Premium Documentation
Toolkit – in this free preview; you will be able to see the Table of Contents of each of the
mentioned documented procedures, as well as a few sections from each document.